Report

Share

•1 like•350 views

•1 like•350 views

Report

Share

Download to read offline

Zero-day vulnerabilities are gaining a prominent role in the modern-day intelligence, national security, and law enforcement operations. At the same time, trading vulnerability information or zero-day exploits is considered a risky ordeal. Players in the secretive zero-day market face some inherent obstacles related to time-sensitiveness of traded commodities, trust, price fairness, and possibility of defection. To alleviate some of these problems, it was suggested to: 1. Use punishment (i.e., public disclosure of vulnerabilities) to discourage a buyer from defecting; 2. Resort to the use of trusted-third parties (e.g., escrow services), as crucial entities for enabling cooperation of market participants; and 3. Build a reputation system (e.g., reputation score) as an instrument to establish trust relationships between distrustful players. This work presents the first results of an ongoing study on extortion and cooperation in zero-day markets through the lens of game theory. The questions motivating this research are: a. Can the zero-day market achieve cooperation and efficiency even in absence of trusted-third parties? b. Can punishment discourage the buyer from defecting? c. Under which conditions a player can extort the opponent? d. Can cooperation be sustained also in fully anonymous or semi-anonymous settings? The talk will address these questions and others, by providing an analysis of the zero-day trading strategies applicable to each scenario. Learn which strategies allows to maximize the profits while trading zero-days in today's marketplaces. Find out how to avoid getting extorted by zero--day traders. Learn how to extort an unwit market participant. Gain a deeper knowledge about the emergence, sustainability, and breakdown of cooperation. Discover under which conditions the zero-day markets can achieve efficiency. This work find application in a number of markets for vulnerability information and zero-day exploits. They range from over-the-counter zero-day trading, to boutique exploit providers offering zero-day vulnerabilities for a subscription fee, to service models for vulnerability research.

- 1. ... The Bazaar, the Maharaja’s Ultimatum, and the Shadow of the Future: . Extortion and Cooperation in the Zero-day Market . Alfonso De Gregorio . Founder, BeeWise .. PHDays V, Moscow, May 26th-27th, 2015
- 3. .. Agenda . 1. The Zero-day Market A hairy business 2. Relevance Should I care? 3. The Zero-day Dilemma Extortion and Cooperation in the Zero-day Market 4. Recommendations to Zero-day traders How to maximize the payoﬀ?
- 5. ..
- 6. ..
- 7. ..
- 8. ..
- 9. ..
- 10. ..
- 11. ..
- 12. ... Meet Ty
- 13. ..
- 14. ..
- 15. ..
- 16. ..
- 17. ..
- 18. ..
- 19. ... Meanwhile...
- 20. ..
- 21. ..
- 22. ..
- 23. ..
- 24. ..
- 25. ..
- 26. ..
- 27. ..
- 28. ..
- 29. ..
- 30. ..
- 31. .. Inherent obstacles . The Zero-day Market . 28/112 1. Time-sensitiveness of traded commodities 2. Trust 3. Price fairness 4. Possibility of defection
- 32. .. A hairy business . The Zero-day Market . 29/112 ..
- 33. .. The Legitimate Vulnerability Market . The Zero-day Market . 30/112 ..
- 34. .. Time-sensitive commodity . The Zero-day Market . 31/112 .. . Valuable only when they are not widely known . Value drops to zero, as soon as the vulnerability is disclosed or a mitigation is released . Transactions should complete in short times . Discretion required
- 35. ... Every day can be the last day for a 0-day sale
- 36. .. Trust . The Zero-day Market . 33/112 .. . No centralized way to locate its players . Finding buyers and sellers is time-consuming . Unfamiliar business partners . Hard to verify intentions
- 37. ... Oh, grandmother, what a horribly big mouth you have!
- 38. .. Lack of transparency and price fairness . The Zero-day Market . 35/112 .. . Adoption levels of the vulnerable component . Presence within a given attack surface . Level of authentication required to exploit it . Diﬀiculty of independent rediscovery . Exploit reliability
- 40. .. Tension . The Zero-day Market . 37/112 .. . Disclose and lose? . Proving without disclosing . Two approaches: reveal or demonstrate . Both undesirable
- 41. ..
- 42. .. Reveal . The Zero-day Market . 39/112 .. . Whoever moves first and lose your asset . Buyer steals the vulnerability, if the seller reveals it before the sale . Seller runs away with the money, if the buyers pays in advance
- 43. .. Demonstrate . The Zero-day Market . 40/112 .. . Whoever controls the computing environment has an edge . Does the seller tampers with the computing environment? . Does the buyer records the working of the exploit and steal it?
- 44. ... Any vulnerability claim can’t be ensured
- 45. ..
- 47. .. Exclusive rights to the buyer . The Zero-day Market . 44/112 .. . Grant exclusive rights, to receive the largest payoﬀs . What if the seller defects, selling the same zero-day to multiple parties? . This time are the buyers to lack a mean to protect themselves . Forcing to return the funds? . Diﬀiculty to identify sellers, to attribute multiple transactions to the same supplier, and to enforce contracts helps the seller willing to betray
- 48. ..
- 49. .. Proposed solutions . The Zero-day Market . 46/112 . Use punishment (i.e., public disclosure of vulnerabilities) to discourage a buyer from defecting;
- 50. .. Proposed solutions . The Zero-day Market . 46/112 . Use punishment (i.e., public disclosure of vulnerabilities) to discourage a buyer from defecting; . Resort to the use of trusted-third parties (e.g., escrow services), as crucial entities for enabling cooperation of market participants;
- 51. .. Proposed solutions . The Zero-day Market . 46/112 . Use punishment (i.e., public disclosure of vulnerabilities) to discourage a buyer from defecting; . Resort to the use of trusted-third parties (e.g., escrow services), as crucial entities for enabling cooperation of market participants; . Build a reputation system (e.g., reputation score) as an instrument to establish trust relationships between distrustful players.
- 52. ..
- 53. ... PHEW!
- 54. .. Motivating questions . The Zero-day Market . 49/112 1. Can the zero-day market achieve cooperation and eﬀiciency even in absence of trusted-third parties?
- 55. .. Motivating questions . The Zero-day Market . 49/112 1. Can the zero-day market achieve cooperation and eﬀiciency even in absence of trusted-third parties? 2. Can punishment discourage the buyer from defecting?
- 56. .. Motivating questions . The Zero-day Market . 49/112 1. Can the zero-day market achieve cooperation and eﬀiciency even in absence of trusted-third parties? 2. Can punishment discourage the buyer from defecting? 3. Under which conditions a player can extort the opponent?
- 57. .. Motivating questions . The Zero-day Market . 49/112 1. Can the zero-day market achieve cooperation and eﬀiciency even in absence of trusted-third parties? 2. Can punishment discourage the buyer from defecting? 3. Under which conditions a player can extort the opponent? 4. Can cooperation be sustained also in fully anonymous settings?
- 58. .. Motivating questions . The Zero-day Market . 49/112 1. Can the zero-day market achieve cooperation and eﬀiciency even in absence of trusted-third parties? 2. Can punishment discourage the buyer from defecting? 3. Under which conditions a player can extort the opponent? 4. Can cooperation be sustained also in fully anonymous settings? 5. What about semi-anonymous settings?
- 59. ... Which trading strategy to employ?
- 61. .. /me . Relevance . 52/112 At the intersection of so ware security and security so ware, exploring, and trying to contain, the space of unanticipated state.
- 63. .. Inability to self-correct . Relevance . 54/112 .. . So ware manufacturers will not forgo market shares . So ware users will not forgo features . Attackers will not forgo attacking tens of millions of vulnerable systems
- 65. .. Should I care? . Relevance . 56/112 1. More interconnected
- 66. .. Should I care? . Relevance . 56/112 1. More interconnected 2. More interdependent
- 67. .. Should I care? . Relevance . 56/112 1. More interconnected 2. More interdependent 3. Greater dynamic range of possible failure
- 68. .. Should I care? . Relevance . 56/112 1. More interconnected 2. More interdependent 3. Greater dynamic range of possible failure 4. Vulnerability information is key to both oﬀensive and defensive purposes
- 69. .. Should I care? . Relevance . 56/112 1. More interconnected 2. More interdependent 3. Greater dynamic range of possible failure 4. Vulnerability information is key to both oﬀensive and defensive purposes 5. Prominent role in modern-day intelligence, national security, and law enforcement operations
- 73. .. Where the results find application? . Relevance . 60/112 .. . Over-the-counter zero-day trading
- 74. .. Where the results find application? . Relevance . 60/112 .. . Over-the-counter zero-day trading . Boutique exploit providers oﬀering zero-day vulnerabilities for a subscription fee
- 75. .. Where the results find application? . Relevance . 60/112 .. . Over-the-counter zero-day trading . Boutique exploit providers oﬀering zero-day vulnerabilities for a subscription fee . Service models for vulnerability research
- 77. ... The Bazaar
- 79. ... The Shadow of the Future
- 80. .. Ultimatum Game . The Zero-day Dilemma . 65/112 .. . A game in economic experiments . Proposer: receives a sum of money and propose how to divide the sum between himself and another player . Responder: chooses to either accept or reject the proposal . If he accepts, the money is split according to the proposal . If he rejects, neither player receives any money
- 81. .. Prisoner’s Dilemma . The Zero-day Dilemma . 66/112 .. . Two purely “rational” individuals might not cooperate, even if it appears that it is in their best interest to do so . Two prisoners that commited a crime . If they both do not confess, they get a low punishment . If they both confess, they get a more severe punishment . If one confesses and the other does not, then the one that confesses gets a very low punishment and the other gets a very severe punishment
- 82. .. IPD . The Zero-day Dilemma . 67/112 The Iterated Prisoner’s Dilemma (IPD) is a repeated game, where the PD is the stage game. Agents play the PD game an indefinite number of times.
- 83. .. The 0-Day Dilemma . The Zero-day Dilemma . 68/112 ..
- 84. .. Submissive scenario . The Zero-day Dilemma . 69/112 .. . Traders are playing the standard PD . R > P implies that mutual cooperation is superior to mutual defection . T > R and P > S imply that defection is the dominant strategy for both agents . Or, defection is better than cooperation for one player, no matter how that player’s opponent may play
- 85. .. Adaptive scenario . The Zero-day Dilemma . 70/112 .. . Neither the buyer nor the seller have a dominant strategy, if we assume Z > S and the U < R . If the betryed seller has the ability to close alternative deals for the same exploit (i.e., 1-Day FUD, 1-Day private exploits), then defection would not be a dominant strategy anymore . The market nature plays a role . Today not a monopsony and weakly regulated. Tomorrow rules and regulations may emerge in this area (e.g., Wassenaar Arrangement) and may impact the market liquidity
- 86. .. MAD scenario . The Zero-day Dilemma . 71/112 .. . A variant of the standard PD, where the seller has the ability to negate the buyer the temptation to defect . Just make sure T approaches P . Hence, defection is not a dominant strategy for the buyer . If factors such as market liquidity, export/trade regulations, mean-time to close a deal prevent the Adaptive retaliation approach from being undertaken, then the seller should consider disclosing publicly the exploit or the vulnerability.
- 87. .. MAD scenario . The Zero-day Dilemma . 72/112 .. . This would not make herself worse oﬀ . The seller would reduce the buyer incentives to defect in the first place
- 88. .. FD & Brinkmanship . The Zero-day Dilemma . 73/112 .. . To this end, it is important for the 0-Day sellers to have an eﬀicient mean for doing full-disclosure
- 89. .. FD & Brinkmanship . The Zero-day Dilemma . 73/112 .. . To this end, it is important for the 0-Day sellers to have an eﬀicient mean for doing full-disclosure . Not for the sake of bragging rights anymore, but for modern-day brinkmanship
- 90. .. FD & Brinkmanship . The Zero-day Dilemma . 73/112 .. . To this end, it is important for the 0-Day sellers to have an eﬀicient mean for doing full-disclosure . Not for the sake of bragging rights anymore, but for modern-day brinkmanship . As faster the disclosure of the vulnerability, as shorter the window of opportunity to the exploiter and the smaller the Residual payoﬀ (V)
- 91. .. Fair share of troubles . The Zero-day Dilemma . 74/112 .. . Since July 2002 the Full-Disclosure list experienced a “fair share of legal troubles along the way.” . Posting on a mailing list may transalte in an OPSEC failure, if the anonymity of the submitter is not protected
- 92. .. WhistleDay or ZeroLeaks . The Zero-day Dilemma . 75/112 . A 0-Day disclosure platform . Researchers could use it for full-disclosure . Players in the Zero-day market could use to retaliate against buyers who defect . Insiders would turn to it to expose the secretive trade in intrusion and surveillance technologies . Dub it WhistleDay or ZeroLeaks, if you like
- 93. .. Cooperation is possible . The Zero-day Dilemma . 76/112 . As long as the seller doesn’t play in the Submissive scenario, the buyer is not better oﬀ defecting
- 94. .. Cooperation is possible . The Zero-day Dilemma . 76/112 . As long as the seller doesn’t play in the Submissive scenario, the buyer is not better oﬀ defecting . In the one-shot sequential 0-Day Dilemma cooperation is possible
- 95. .. Cooperation is possible . The Zero-day Dilemma . 76/112 . As long as the seller doesn’t play in the Submissive scenario, the buyer is not better oﬀ defecting . In the one-shot sequential 0-Day Dilemma cooperation is possible . If this is not the case, the rational outcome is the action profile of mutual defection
- 96. .. Cooperation is possible . The Zero-day Dilemma . 76/112 . As long as the seller doesn’t play in the Submissive scenario, the buyer is not better oﬀ defecting . In the one-shot sequential 0-Day Dilemma cooperation is possible . If this is not the case, the rational outcome is the action profile of mutual defection . “We have to distrust each other. It’s our only defense against betrayal.” — Tennessee Williams
- 97. .. Cooperation is possible . The Zero-day Dilemma . 76/112 . As long as the seller doesn’t play in the Submissive scenario, the buyer is not better oﬀ defecting . In the one-shot sequential 0-Day Dilemma cooperation is possible . If this is not the case, the rational outcome is the action profile of mutual defection . “We have to distrust each other. It’s our only defense against betrayal.” — Tennessee Williams . “The dilemma then is that mutual cooperation yields a better outcome than mutual defection but it is not the rational outcome because the choice to cooperate, at the individual level, is not rational from a self-interested point of view.”
- 98. .. Cooperation as an Equilibrium . The Zero-day Dilemma . 77/112 If no form of punishment can be undertaken by the seller, can the cooperative outcome still be sustained as an equilibrium?
- 99. .. Iterated 0-Day Dilemma . The Zero-day Dilemma . 78/112 . The Iterated 0-Day Dilemma (I0DD) is a repeated game, where the 0-Day Dilemma is the stage game. Agents play the 0-Day Dilemma game an indefinite number of times
- 100. .. Iterated 0-Day Dilemma . The Zero-day Dilemma . 78/112 . . The Iterated 0-Day Dilemma (I0DD) is a repeated game, where the 0-Day Dilemma is the stage game. Agents play the 0-Day Dilemma game an indefinite number of times Remark: Whenever the Submissive scenario applies, the I0DD reduces to the Iterated Prisoner’s Dilemma
- 101. .. Three settings . The Zero-day Dilemma . 79/112 . .. . Onymous: The traders know the identity of the party they are dealing with
- 102. .. Three settings . The Zero-day Dilemma . 79/112 .. . Onymous: The traders know the identity of the party they are dealing with . Anonymous: Trades takes place among strangers
- 103. .. Three settings . The Zero-day Dilemma . 79/112 .. . Onymous: The traders know the identity of the party they are dealing with . Anonymous: Trades takes place among strangers . Semi-anonymous: Either the buyer or the seller is anonymous
- 104. .. Cooperation is possible in onymous economies . The Zero-day Dilemma . 80/112 .. Aumann, Robert (1959). “Acceptable points in general cooperative n-person games”. In Luce, R. D.; Tucker, A. W. Contributions to the Theory 23 of Games IV. Annals of Mathematics Study 40. Princeton NJ: Princeton University Press. pp. 287–324. MR 0104521.
- 105. .. William Press and Freeman Dyson . The Zero-day Dilemma . 81/112 ...
- 106. .. Sentient Player . The Zero-day Dilemma . 82/112 .. . Power granted to a sentient player . A player with a theory of mind . Who realize that her behavior can influence her opponents’ strategies
- 107. .. Zero Determinant (ZD) Strategies . The Zero-day Dilemma . 83/112 ...
- 108. .. Extortion . The Zero-day Dilemma . 84/112 .. If one trader is aware of ZD strategies, but the opponent is an evoutionary player then the former can choose to extort the latter
- 109. .. Evolutionary players . The Zero-day Dilemma . 85/112 .. A player is said to be evolutionary is she posses no theory of mind and instead simply seeks to adjust her strategy to maximize her own score in response to whatever the adversary is doing
- 110. .. Extortion strategies . The Zero-day Dilemma . 86/112 . Grant a disproportionate number of high payoﬀs to the extortionist . It is the victim’s best interest to cooperate with the extortionist, because she is able to increase her score by doing so . In so doing, she ends up increasing the extortionist’s score even more than her own . She will never catch up to the extortionist, and she will accede to her extortionist because it pays her to do so
- 111. .. An extortionist relation . The Zero-day Dilemma . 87/112 Sx − P = 3(Sy − P)
- 112. .. Extortionist strategy: Example . The Zero-day Dilemma . 88/112 .. . Let R = 3, T = 5, P = 1, S = 0 . Let the desired payoﬀ relation be Sx − P = 3(Sy − P) . If we both cooperated last time, then I cooperate with probability 11/13 . If I cheated you last time (you cooperated and I defected), then I cooperate with probability 7/26 . If you cheated me last time (I cooperated and you defected), then I cooperate with probability 1/2 . If we both defected last time, I defect . On average over the long run, my score minus one will be thrice your score minus one
- 113. .. Press and Dyson . The Zero-day Dilemma . 89/112 ..
- 114. .. IPD == Ultimatum Game . The Zero-day Dilemma . 90/112 .. If both players are sentient, but only one is aware of ZD-Strategies, then the IPD reduces to the Ultimatum Game
- 115. .. IPD == Ultimatum Game . The Zero-day Dilemma . 91/112 .. . Let’s suppose both players are sentient . Let’s suppose the buyer only knows about ZD-strategies . The buyer tries to extort the seller . The seller eventually notice . The seller decide to sabotage the scores of both . This is an Ultimatum Game. The buyer proposes an unfair ultimatum. And the seller respond.
- 116. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy
- 117. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy . In fact any tentative to extort the opponent would result in a low payoﬀ for both
- 118. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy . In fact any tentative to extort the opponent would result in a low payoﬀ for both . It is rational to agree on a fair cooperation strategy
- 119. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy . In fact any tentative to extort the opponent would result in a low payoﬀ for both . It is rational to agree on a fair cooperation strategy . They agree to unilaterally set the other’s score to an agreed value (presumably the maximum possible)
- 120. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy . In fact any tentative to extort the opponent would result in a low payoﬀ for both . It is rational to agree on a fair cooperation strategy . They agree to unilaterally set the other’s score to an agreed value (presumably the maximum possible) . Neither player can then improve her score by violating the strategy
- 121. .. Generous ZD-Strategies . The Zero-day Dilemma . 92/112 .. . If both players are sentient and witting of ZD-Strategies, then they can agree on playing a Generous ZD-Strategy . In fact any tentative to extort the opponent would result in a low payoﬀ for both . It is rational to agree on a fair cooperation strategy . They agree to unilaterally set the other’s score to an agreed value (presumably the maximum possible) . Neither player can then improve her score by violating the strategy . Each is punished for any purely malicious violation
- 122. .. A generous relation . The Zero-day Dilemma . 93/112 Sx − R = 2(Sy − R)
- 123. .. Generous ZD-strategy: Example . The Zero-day Dilemma . 94/112 .. . Let R = 3, T = 5, P = 1, S = 0 . Let the desired payoﬀ relation be Sx − R = 2(Sy − R) . If we both cooperated last time, then I cooperate . If I cheated you last time (you cooperated and I defected), then I cooperate with probability 8/10 . If you cheated me last time (I cooperated and you defected), then I cooperate with probability 3/10 . If we both defected last time, I cooperate with probability 2/10 . On average over the long run, my score minus three will be twice your score minus three
- 124. .. Under the assumption... . The Zero-day Dilemma . 95/112 .. . Ascribe past actions to the same market participants . Choose strategies according to the outcome of past interactions
- 125. .. Anonymous Black Market . The Zero-day Dilemma . 96/112 .. . Is cooperation possible in anonymous zero-day markets?
- 126. .. Anonymous Black Market . The Zero-day Dilemma . 96/112 .. . Is cooperation possible in anonymous zero-day markets? . Do you believe it is?
- 127. .. Anonymous Black Market . The Zero-day Dilemma . 96/112 .. . Is cooperation possible in anonymous zero-day markets? . Do you believe it is? . If yes, which institutions for monitoring and enforcement promote cooperation in this setting?
- 128. .. Cooperation among Strangers . The Zero-day Dilemma . 97/112 ..
- 129. .. Anonymous Economies: Camera and Casari 1 . The Zero-day Dilemma . 98/112 .. . Cooperation is high and increases with experience
- 130. .. Anonymous Economies: Camera and Casari 1 . The Zero-day Dilemma . 98/112 .. . Cooperation is high and increases with experience . Low degree of cooperation when subject see aggregate outcomes without observing identities (e.g., as might result from discussing trading experiences in anonymous fora)
- 131. .. Anonymous Economies: Camera and Casari 1 . The Zero-day Dilemma . 98/112 .. . Cooperation is high and increases with experience . Low degree of cooperation when subject see aggregate outcomes without observing identities (e.g., as might result from discussing trading experiences in anonymous fora) . Costly personal punishment significantly promotes cooperation
- 132. .. Anonymous Economies: Camera and Casari 2 . The Zero-day Dilemma . 99/112 .. . Subject were given the possibility to observe actions and outcomes in their game and to inflict, at a cost, a loss in the earnings of the defecting opponent
- 133. .. Anonymous Economies: Camera and Casari 2 . The Zero-day Dilemma . 99/112 .. . Subject were given the possibility to observe actions and outcomes in their game and to inflict, at a cost, a loss in the earnings of the defecting opponent . Camera and Casari added a second stage in the one-shot game
- 134. .. Anonymous Economies: Camera and Casari 2 . The Zero-day Dilemma . 99/112 .. . Subject were given the possibility to observe actions and outcomes in their game and to inflict, at a cost, a loss in the earnings of the defecting opponent . Camera and Casari added a second stage in the one-shot game . The retaliation stage resembles in full the Adaptive and MAD scenarios in the 0-Day Dilemma
- 135. .. Anonymous Economies: Camera and Casari 3 . The Zero-day Dilemma . 100/112 .. . The player who obseverd the opponent defect sometimes employed personal punishment (i.e., in-match retaliation), while staying in cooperative mode in the following periods
- 136. .. Anonymous Economies: Camera and Casari 3 . The Zero-day Dilemma . 100/112 .. . The player who obseverd the opponent defect sometimes employed personal punishment (i.e., in-match retaliation), while staying in cooperative mode in the following periods . Players show preference for in-match retaliation over the (equilibrium) informal retaliation
- 137. .. Anonymous Economies: Camera and Casari 3 . The Zero-day Dilemma . 100/112 .. . The player who obseverd the opponent defect sometimes employed personal punishment (i.e., in-match retaliation), while staying in cooperative mode in the following periods . Players show preference for in-match retaliation over the (equilibrium) informal retaliation . Eﬀiciency: defectors who had been punished by a cooperator were more likely to cooperate in the following periods (34.5% vs 24.1%)
- 138. .. Punishment as a Public Good . The Zero-day Dilemma . 101/112 .. . It significantly increases cooperation
- 139. .. Punishment as a Public Good . The Zero-day Dilemma . 101/112 .. . It significantly increases cooperation . The subject that benefit the most are cooperator who punish little or not at all
- 140. .. Semi-anonymous Zero-day markets . The Zero-day Dilemma . 102/112 .. . If only one party is anonymous, the onymous counterpart has not ability to know if she already had any deals with the same participant
- 141. .. Semi-anonymous Zero-day markets . The Zero-day Dilemma . 102/112 .. . If only one party is anonymous, the onymous counterpart has not ability to know if she already had any deals with the same participant . The latter can’t benefit from being sentient and is forced to choose her strategies as an evolutionary player would do
- 142. .. Semi-anonymous Zero-day markets . The Zero-day Dilemma . 102/112 .. . If only one party is anonymous, the onymous counterpart has not ability to know if she already had any deals with the same participant . The latter can’t benefit from being sentient and is forced to choose her strategies as an evolutionary player would do . If the anonymous party knows about the ZD-strategies, she can choose to extort the opponent
- 143. .. Semi-anonymous Zero-day markets . The Zero-day Dilemma . 102/112 .. . If only one party is anonymous, the onymous counterpart has not ability to know if she already had any deals with the same participant . The latter can’t benefit from being sentient and is forced to choose her strategies as an evolutionary player would do . If the anonymous party knows about the ZD-strategies, she can choose to extort the opponent . Hence, while cooperation can emerge in fully-anonymous markets, extortion can profilate in the semi-anonymous economies
- 144. .. To sum up . The Zero-day Dilemma . 103/112 . Zero-day markets can achieve cooperation even in absence of trusted-third parties
- 145. .. To sum up . The Zero-day Dilemma . 103/112 . Zero-day markets can achieve cooperation even in absence of trusted-third parties . Cooperation can be sustained even when traders are anonymous
- 146. .. To sum up . The Zero-day Dilemma . 103/112 . Zero-day markets can achieve cooperation even in absence of trusted-third parties . Cooperation can be sustained even when traders are anonymous . Punishment is an eﬀective instrument to discourage traders from defecting
- 147. .. To sum up . The Zero-day Dilemma . 103/112 . Zero-day markets can achieve cooperation even in absence of trusted-third parties . Cooperation can be sustained even when traders are anonymous . Punishment is an eﬀective instrument to discourage traders from defecting . It is possible to get extorted, if the adversary knows about ZD-Strategies and we simply seek to adjust our strategy to maximize our own profit
- 149. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity
- 150. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity 2. Discourage defection by practicing brinkmanship or casting the shadow of the future in every decision of your counterpart
- 151. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity 2. Discourage defection by practicing brinkmanship or casting the shadow of the future in every decision of your counterpart 3. Respond: Consider punishing defection to promote cooperation
- 152. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity 2. Discourage defection by practicing brinkmanship or casting the shadow of the future in every decision of your counterpart 3. Respond: Consider punishing defection to promote cooperation 4. Let the seller supply the vulnerability first, if interested in a one-time deal
- 153. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity 2. Discourage defection by practicing brinkmanship or casting the shadow of the future in every decision of your counterpart 3. Respond: Consider punishing defection to promote cooperation 4. Let the seller supply the vulnerability first, if interested in a one-time deal 5. Learn about Zero Determinant strategies, if playing in an onymous market
- 154. .. Recommendations . Recommendations . 105/112 1. Do not deal with anonymous traders, if you cannot ensure your own anonymity 2. Discourage defection by practicing brinkmanship or casting the shadow of the future in every decision of your counterpart 3. Respond: Consider punishing defection to promote cooperation 4. Let the seller supply the vulnerability first, if interested in a one-time deal 5. Learn about Zero Determinant strategies, if playing in an onymous market 6. Grim trigger: forever defect, if you see defection while playing in an anonymous market and have no ability to punish the opponent
- 155. .. Experimental verification . Recommendations . 106/112 If interested, please be in touch
- 156. .. Spring 2015: Speaking Dates . Recommendations . 107/112 . May 26th, PHDays V, Moscow, Russian Federation . May 28th, HITBSecConf 2015, Amsterdam, Netherlands . June 4th, AusCERT 2015, Gold Coast, Australia
- 157. ..
- 158. .. “ Though I am o en in the depths of misery, there is still calmness, pure harmony and music inside me. Vincent van Gogh.. ”
- 159. .. “ Though we are o en in the depths of insecurity, there is still calmness, pure harmony and music inside us. .. ”
- 160. .. СПАСИБО
- 161. Q ?
- 163. .. BeeWise . Backup . 114/112 .. . BeeWise is the first prediction market for forecasting security events and trends . More specifically, it is a security-event futures exchange where participants trade contracts whose payoﬀs are tied to future events in information security, such as the discovery of a given so ware vulnerability, a security incident, or the diﬀusion of new malware
- 164. .. BeeWise . Backup . 114/112 .. . With a large enough number of people betting on the outcome of selected events, the prices of the contracts will be an approximate measure of the probability of the underlying events at any time. The ability to use market prices as forward-looking indicators of security properties will help in establishing information symmetry between buyers and sellers (ie., build a quality signal), and help security stakeholders to make better and more informed decisions, by telling mediocre security products from good ones